Samba 4.7.4 should not be shipped as an AD DC

Bug #1755057 reported by Andrew Bartlett on 2018-03-12
This bug affects 1 person
Affects: samba (Ubuntu)
Assigned to: Andreas Hasenack

Bug Description

Samba 4.7.4 and below has an unfortunate upgrade bug.

See the release notes for Samba 4.7.5.

Please do not ship Samba 4.7.4 in Ubuntu 18.04; instead, given the security release due tomorrow, ship 4.7.6 with both the security fix and this fixed.


Andrew Bartlett
Samba Team


Changed in samba (Ubuntu):
assignee: nobody → Andreas Hasenack (ahasenack)
status: New → In Progress
importance: Undecided → High

Launchpad Janitor (janitor) wrote:

This bug was fixed in the package samba - 2:4.7.6+dfsg~ubuntu-0ubuntu1

samba (2:4.7.6+dfsg~ubuntu-0ubuntu1) bionic; urgency=medium

  * New upstream version:
    - Fix database corruption bug when upgrading from samba 4.6 or lower
      AD controllers (LP: #1755057)
    - Fix security issues: CVE-2018-1050 and CVE-2018-1057 (LP: #1755059)
  * Remaining changes:
    - debian/VERSION.patch: Update vendor string to "Ubuntu".
    - debian/smb.conf;
      + Add "(Samba, Ubuntu)" to server string.
      + Comment out the default [homes] share, and add a comment about
        "valid users = %s" to show users how to restrict access to
        \\server\username to only username.
    - debian/samba-common.config:
      + Do not change priority to high if dhclient3 is installed.
    - Add apport hook:
      + Created debian/
      + debian/rules, debian/samba-common-bin.install: install hook.
    - Add extra DEP8 tests to samba (LP #1696823):
      + d/t/control, d/t/cifs-share-access: access a file in a share using cifs
      + d/t/control, d/t/smbclient-anonymous-share-list: list available shares
      + d/t/control, d/t/smbclient-authenticated-share-list: list available
        shares using an authenticated connection
      + d/t/control, d/t/smbclient-share-access: create a share and download a
        file from it
    - d/samba-common.dhcp: If systemctl is available, use it to query the
      status of the smbd service before trying to reload it. Otherwise,
      keep the same check as before and reload the service based on the
      existence of the initscript. (LP #1579597)
    - d/control, d/rules: Disable glusterfs support because it's not in main.
      MIR bug is

 -- Andreas Hasenack <email address hidden> Tue, 13 Mar 2018 16:58:49 -0300

Changed in samba (Ubuntu):
status: In Progress → Fix Released